POLICY ON THE PROCESSING OF PERSONAL DATA AND USE OF COOKIES
Last Updated: January 22, 2025
This Policy establishes the procedure for the collection, storage, processing, and transfer of Personal Data of Platform Users Changebox Limited, incorporated at BVI , company number 2171550 (hereinafter referred to as the "Operator" or "we"). It also discloses information about the measures taken by the Operator to ensure the security of Personal Data aimed at protecting the rights and freedoms of Users, including the right to privacy, personal, family, and commercial secrets.
This Policy is part of the ChangeBox Platform Terms of Use and its applications. Please carefully review this Policy. If you have any questions or concerns, please contact us through the Platform or by sending an email to info@changebox.io.
1. Definitions
1.1. The following terms are used in this document:
-
Platform: The aggregate of information, web forms, software and hardware, and intellectual property accessible from User devices via special software for viewing web pages (browser) at the domain (or (sub)domain, if the domain name has a corresponding sign): changebox.io (equal to https://changebox.io, with/without the abbreviation "www"), the exclusive rights and/or the right to use which belong to the Operator.
-
User: A natural or legal person who has registered an Account on the Platform.
-
Operator: Changebox Limited, registered in BVI, operating the Platform.
-
ChangeBox Platform Terms of Use or General Terms: The main agreement between the User and the Operator, including general provisions and agreements between them regarding the procedure for using the Platform. This document is available at: https://changebox.io.
-
Account: A unique set of data for each User about the User and their use of the Platform's functionality, access to which is provided to the User through the Platform interface when providing the correct access data specified by them during registration.
-
Personal Data: Identifying data, personal characteristics, information about family status, financial status, health status, and other data that Users provide to the Operator when using the Platform or in connection with the use of the Platform.
-
Processing of Personal Data: Any operation or set of operations performed independently of the methods with Personal Data by automatic means or without them, for the purposes of collection, recording, storage, updating, grouping, blocking, erasure, and destruction of Personal Data.
1.2. Terms and definitions used in the Policy but not defined above are understood in the meaning given to them by the General Terms and their applications, and in the absence of a definition in them, in accordance with interpretations presented on the Internet.
2. Agreement to Terms
2.1. If you agree to the provisions of this Policy, you may accept them by placing a checkmark or its equivalent next to the field "I agree to the terms of the Personal Data Processing Policy and the use of Cookies" during Account registration or when visiting the Platform.
2.2. If at any time you disagree with any provision of this Policy, you must immediately cease using the Platform and Services.
3. Collected Personal Data
3.1. To provide access to the Platform, we request information from Users about themselves; such data can be divided into the following categories:
| Category | Data |
|---|---|
| Communication Data | Email address, Telegram account, other contact information you use to communicate with us. |
| Registration Data | Email address, Telegram account. |
| Verification Data | For individuals: full name, date of birth, address of residence, email address (if not already provided during registration); other information required by law. For legal entities: full name, location, TIN, email address (if not already provided during registration); other information required by law. |
| Automatically Collected Data | IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, usage data. |
3.2. We are constantly developing the Platform and Services, adding new features and capabilities. In this connection, the table of collected Personal Data indicated above may be changed. To access new features, we may request you to provide additional information about yourself. We will notify you of such changes and request your consent to collect and process additional Personal Data.
3.3. Please note that the provision of Personal Data is entirely voluntary. However, refusal to provide data may restrict your access to certain Services and functionalities of the Platform, especially those that require Account verification.
4. Purposes of Collecting and Processing Personal Data
4.1. We collect your Personal Data for the following purposes:
| Category | Purpose |
|---|---|
| Communication Data | Providing feedback; communication on administrative matters. |
| Registration Data | Providing access to the Platform's functionality; ensuring network and information security; providing communication. |
| Verification Data | Providing access to Services; ensuring compliance with legal requirements of the British Virgin Islands for the provision of Services; ensuring network and information security; providing communication. |
| Automatically Collected Data | Ensuring the normal functioning of Products; providing opportunities for necessary monitoring of the use of Services; improving the efficiency of the Platform; ensuring user convenience and ease of use of the Platform. |
4.2. We undertake to use your Personal Data EXCLUSIVELY for the purposes stated above. Exceptions are cases where the collection and use of data are required for other purposes compatible with the original purpose, or when it is necessary in accordance with applicable laws, court decisions, or orders from executive authorities.
4.3. If we need to use your Personal Data for other purposes not specified above, we will notify you in advance and provide information about the legal grounds for such use.
5. Procedure for Collecting Personal Data
5.1. We may collect User Personal Data in various ways:
| Category | Collection Method |
|---|---|
| Communication Data | We gain access to such Personal Data when you contact us on any matter prior to account registration, to provide feedback, or for any other purpose (e.g., via email, Telegram). |
| Registration Data | You provide this Personal Data when you complete and submit the relevant application forms for Account registration and perform the necessary actions for Account registration. |
| Verification Data | You provide this Personal Data to us or authorized representatives when you complete the Account verification process on the Platform or through a personal visit to our office or the office of our representatives, as well as when submitting applications for the use of virtual asset purchase/sale services and when communicating with our support team and regional representatives. |
| Automatically Collected Data | We collect this data in the process of your interaction with the Platform using cookies, server logs, and other similar technologies. |
6. Storage of Personal Data
6.1. We store your Personal Data only for the period necessary to achieve the purposes of its collection and processing, or within the time limits established by applicable law. Depending on the category of Personal Data, the following applicable storage periods may be identified:
| Category | Storage Period |
|---|---|
| Communication Data | Until the moment we provide you with feedback. |
| Registration Data | For the entire duration of the Account. In cases where you undergo Account verification and use of Services, this information is stored for 5 years from the date of receipt of such data. This period may be shortened or extended in accordance with applicable legislation. |
| Verification Data | For the entire duration of the Account and for 5 years from the date of receipt of such data. This period may be shortened or extended in accordance with applicable legislation. |
| Automatically Collected Data | For the entire duration of the Account. In cases where you undergo Account verification and use of Services, individual data may be stored for 5 years from the date of receipt of such data. This period may be shortened or extended in accordance with applicable legislation. |
6.2. Please note that we may store your Personal Data for a longer period if this is necessary to fulfill the requirements of applicable laws and regulations. Some Personal Data may be retained even after the closure of your Account for the purposes of fraud prevention, the possibility of prosecuting persons involved in fraudulent activities, and compliance with our legal obligations.
7. Legal Basis for Processing Personal Data
7.1. The processing of Personal Data is carried out in accordance with the provisions of Regulation of the European Parliament and Council of the European Union on the protection of individuals with regard to the processing of personal data and on the free movement of such data (English, "General Data Protection Regulation" or "GDPR"), and our local rules.
7.2. In cases where the legislation of your country of residence establishes stricter standards for the processing of Personal Data, we undertake to comply with such standards when processing your data.
7.3. The legal basis for processing Personal Data includes the following:
(a) Consent. Processing of Personal Data may be carried out with your prior explicit consent, given voluntarily, knowingly, and unequivocally. You have the right to revoke your consent at any time by notifying us, which will lead to the termination of processing of your Personal Data unless otherwise provided by law. Processing of Personal Data that was based solely on consent will be stopped.
(b) Performance of a contract. We process your Personal Data in order to fulfill our obligations under the contract to which you are a party, or in order to take the necessary steps prior to entering into a contract. Such processing may include the identification of the User, providing access to the Services.
(c) Legitimate interests. We may process your Personal Data in order to protect our legitimate interests or the interests of third parties, provided that such interests do not violate your rights, freedoms and legitimate interests. Legitimate interests may include ensuring the security of the Platform, preventing fraud, and improving the quality of Services.
(d) Compliance with the law. We are obliged to process Personal Data when this is necessary to fulfill the obligations established by the legislation and regulations of the British Virgin Islands. This may include fulfilling legislative requirements in the area of providing services related to virtual assets, taxation, accounting, financial control, or consumer protection, as well as the obligation to provide data to government bodies in cases provided for by law.
8. Transfer of your Personal Data to Third Parties
8.1. We transfer your Personal Data to third parties solely to the extent necessary to achieve the processing purposes specified in this Policy, and in accordance with applicable legislation of the British Virgin Islands.
8.2. Transfer occurs only in the following cases:
(a) With your prior explicit consent; (b) Within the framework of the execution of a contract to which you are a party; (c) To fulfill our legal obligations; (d) To protect our legitimate interests or the interests of third parties.
8.3. The transfer of your Personal Data may be made to the following categories of entities:
(a) Business partners, suppliers and subcontractors: We may involve service providers such as agents, counterparties, payment providers, notification services, and other companies that assist us in providing Services and operating the Platform.
(b) Legal and government agencies: Your Personal Data may be transferred to competent government bodies, including courts and law enforcement agencies, if this is required by law.
(c) Legal successors: In the event of reorganization, merger, sale, or other transfer of our business, your Personal Data may be transferred to the legal successor.
8.4. We guarantee that we will not sell, exchange, or otherwise transfer your Personal Data to third parties without your explicit consent.
8.5. We take all necessary measures to protect your Personal Data during its transfer to third parties, including the use of confidentiality agreements, encryption mechanisms, and other technical and organizational means.
8.6. We are not responsible for the use of your Personal Data by third parties if such transfer was made on the basis of your consent or in cases provided for by law.
8.7. You have the right to request information about who, when, and on what grounds your Personal Data was transferred to by contacting us using the contact details specified in this Policy.
9. Cross-border Transfer of Personal Data
9.1. To ensure the possibility of providing Services and operating the Platform, we may use the services of foreign data processing service providers where permitted by the law applicable to the processing of your Personal Data. In addition, some jurisdictions establish requirements for storing Personal Data on servers located within the territory of the state of the Personal Data subject.
9.2. In the event of the transfer of your Personal Data outside the the British Virgin Islands, we ensure compliance with all requirements of applicable law, including:
(a) Ensuring an adequate level of data protection in the recipient country; (b) Concluding agreements with data recipients containing provisions on data protection; (c) Obtaining your consent if required by law.
9.3. We understand the importance of protecting your Personal Data when it is transferred abroad. If your Personal Data is transferred to other countries, we ensure compliance with data protection legislation, including, but not limited to, Law No. 58 and the GDPR, depending on the jurisdiction.
9.4. To ensure the security of your Personal Data during cross-border transfer, we take the following measures:
(a) Securing data protection standards in the contract. We conclude agreements with third parties to whom we transfer your Personal Data, which stipulate requirements when interacting with User Personal Data that are designed to ensure a sufficient level of data protection.
(b) Analysis of the level of data protection. We assess the level of data protection in the countries to which data may be transferred and take additional measures to protect it if necessary.
(c) Use of encryption technologies. We use security measures, such as encryption, to ensure the confidentiality and security of your data when it is transferred across international channels.
10. Measures for Protecting Personal Data
10.1. We have implemented a comprehensive approach to ensuring the confidentiality, integrity, and security of your Personal Data, taking measures to prevent its loss, theft, unauthorized access, misuse, alteration, or destruction. These measures include both technical and organizational security measures that meet the best world practices of data protection.
10.2. To ensure the security of your data, we use modern encryption technologies and other protection methods. Key technical measures include:
(a) Data encryption: We use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, which ensure the secure transfer of data over the Internet, guaranteeing its encryption and protection against interception. All data transmitted between you and our platform is protected using these technologies, which prevents it from being read or modified by third parties.
(b) HTTPS and secure encoding: We ensure data protection through HTTPS and secure encoding, which helps prevent information leakage during its transmission over the network.
(c) Regular security audits: We regularly conduct penetration testing and assess vulnerabilities in our security system to minimize risks associated with data security.
10.3. We also take the following organizational measures to protect your Personal Data:
(a) Access restriction: Only a limited circle of authorized employees has access to your Personal Data, and this access is strictly controlled. All employees are obliged to maintain confidentiality and not to transfer information to third parties without legal grounds.
(b) Security policies and procedures: We have implemented strict internal security policies and procedures to guarantee adequate data protection and processing in accordance with applicable laws and regulations.
(c) Employee training: Our employees undergo regular training on issues of confidentiality and data protection to ensure that all operations with Personal Data comply with current requirements and security standards.
10.4. We periodically assess and update security measures, taking into account changes in legislation, technologies, and threats. This allows us to respond promptly to potential risks and improve the protection of your Personal Data.
10.5. We use modern systems of protection against external threats, such as firewalls and anti-virus programs, to prevent unauthorized access and minimize the risks of external attacks.
11. Rights of Users as Subjects of Personal Data
11.1. Your main rights as a subject of Personal Data include the following:
(a) Right of access: You have the right to request information about what Personal Data about you is being processed, as well as to receive a copy of this data. We will provide you with information about the fact of processing of Personal Data, the legal grounds and purposes of processing Personal Data, methods of processing Personal Data, sources of data acquisition, processing periods, name and location of the holder of the Personal Data array, information about persons who have access to Personal Data or to whom Personal Data may be transferred on the basis of an agreement with the holder of the Personal Data array or on the basis of law, and other information at your written request. We may request a document confirming your identity before transferring the requested information, and we may charge a fee if such information is provided on physical media (paper, diskette, etc.) to cover the cost of such media. Information about the availability of Personal Data and the Personal Data itself are provided to you within a period not exceeding 7 (seven) days from the date of the application.
(b) Right to rectification: If your Personal Data is inaccurate or incomplete, you have the right to request its correction. We undertake to update the data within a reasonable time frame. We may request documentary confirmation of the inaccuracy of the Personal Data we have.
(c) Right to erasure (right to be forgotten): You have the right to request the deletion of your Personal Data if it is no longer required for the purposes for which it was previously requested, if you have withdrawn your consent, if the data has been processed illegally, or if this is required in accordance with applicable laws. However, it should be borne in mind that in some cases, for example, for the fulfillment of legal obligations, we may be forced to refuse you and continue to store your Personal Data.
(d) Right to data portability: You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and also to transfer it to another operator if the processing is based on your consent or contract and is carried out using automated means.
(e) Withdrawal of consent: If the processing of your Personal Data is based on your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the legality of data processing that was carried out before the withdrawal of consent. This will not affect the legality of any processing that was carried out before the withdrawal of consent. Please note that any Personal Data for which the basis for processing differs from your consent will continue to be processed.
(f) Right to restriction of processing: In some jurisdictions, applicable legislation may give you the right to restrict or object to the processing or transfer of your Personal Data under certain circumstances. We may continue processing Personal Data if this is necessary to protect our rights or in any other cases provided for by applicable legislation.
11.2. Please note that none of the aforementioned rights is absolute, meaning that they must generally be balanced against our own legal obligations and legitimate interests. If a decision is made to reject your request, we will inform you of this together with the reasons for our decision.
11.3. To exercise any of the rights listed, please contact us using the contact details indicated in this Policy.
11.4. If you believe that your rights to the protection of Personal Data have been violated, you have the right to file a complaint with the competent authority, which in the BVI is responsible for overseeing the processing of Personal Data.
12. Links to Third-Party Resources
12.1. The Platform may contain links to external websites and platforms that are owned and operated by third parties. The policies and practices for processing Personal Data of these third-party resources may differ from ours, and we do not control their content or the procedure for processing data.
12.2. The Operator is not responsible for the protection of Personal Data or the confidentiality measures used by such third parties. We recommend that you carefully review the privacy policies of each third-party resource before using its services, providing it with Personal Data, or any other information.
12.3. The use of links to third-party resources is carried out by the User at their own risk. The Operator does not guarantee the availability, security, or reliability of such third-party resources and is not responsible for any possible losses caused by their use.
13. Cookies
13.1. Cookies are small text files that are stored on your device when you visit the Platform. Certain information is stored in this text file, for example, the choice of language. When you revisit the site, this cookie file is sent to the site, which recognizes your browser and can display the corresponding language version of the text on the site.
13.2. The Operator uses cookies and similar technologies to improve the functionality of the Platform, analyze user experience, monitor the use of the Platform's functionality, and provide personalized content and advertising.
13.3. Upon your first visit to the Platform, we will request your consent to place cookies on your device.
13.4. You can manage cookies through your browser settings. You have the right to prohibit the use of cookies, but this may limit the functionality of the Platform. To learn more about cookies, including to find out which cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
13.5. You can prevent your browser from accepting certain cookies, require your browser to request your consent before a new cookie is placed in your browser, or completely block cookies by selecting the appropriate settings in your browser's privacy settings. To prevent cookies from being received in the browser of your mobile device, you need to refer to its user manual. To find out how to refuse cookies set by our providers, follow the links provided in the table above.
13.6. The links below will help you find settings for some popular browsers: [List of browser cookie setting links] To find information regarding other browsers, visit the browser developer's website.
14. Amendments to the Policy
14.1. The Operator hereby reserves the right, at its sole discretion and at any time, to make changes to this Policy by publishing its amended version on the Platform. The new version of the Policy will include the amended date of the last update on its first page.
14.2. The User undertakes, at their own risk, to constantly check for changes to the Policy and to perform the following actions: (i) remember/note the date of the last update indicated in the Policy (for example, save a copy of the Policy, etc.) upon initial registration of their Account and at any time after amendments are made, (ii) regularly visit the relevant page of the Platform and review the document if the update date changes.
14.3. If you disagree with any changes to the Policy, you must immediately cease using the Platform and Services.
15. Our Contact Information
15.1. If anything remains unclear in the text of this Policy, we will be happy to clarify its provisions. You can also use the contact details specified in this section for any reason provided for in this Policy.
15.2. For any questions related to this Policy, please contact us at info@changebox.io.
